Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
EVOLVING CYBER RISK & UNSOLVED PROBLEMS
(A STUDY ON CYBER SECURITY AWARENESS & A SPECIFIC
STUDY ON PROVIDING SOLUTIONS TO CYBER RISKS & ENABLE
WITH CYBER LIABILITY INSURANCE)
ABSTRACT
With the dynamics in technology evolving in today’s world, cyber risks and breaches in legal,
regulatory, compliance environment, etc., which constitute the major threats in our daily lives.
These threats affect not just Individuals but also corporates, governments, and society as well.
Cyber security is the body of technologies, processes, and practices designed to protect
networks, devices, and data from attack, damage, or unauthorized access. The bank robbery
that took place in Bangladesh in 2016 majorly damaged the reputation of the Bangladesh Bank
when security hackers illegally transferred close to the US $1 billion from the Federal Reserve
Bank of New York issued the thirty-five fraudulent instructions. Such huge cyber risks exploit
human weaknesses rather than the computer itself. Since such risks are growing at a rapid rate,
Cyber Liability Insurance becomes the key tool to protect the stakeholders from such
uncertainties. Cyber Liability Insurance is an Insurance policy that covers the financial losses
arising out of data breaches, which would affect the individuals, organizations, government
and the economy as a whole.
According to the survey conducted in the year 2018 by Federation of Indian Chambers of
Commerce & Industry (FICCI), Cyber insecurity remains Achilles' heel threat. Information &
Cyber Insecurity continues to pose a serious threat to the current shift that our nation is
undergoing towards the digitization of various assets. Data theft, Phishing, and Hacktivism
have emerged as the biggest threat under this risk category according to India risk survey 2018.
This paper will focus on deeper understanding of cyber risks primarily related to individual
and organizational threats and promote ideas & solutions regarding the respective risks and
prioritizing cyber risk management. Even as we are moving, steady fastly towards
digitalization and embrace technological development for user-friendly initiatives.
Keywords – Cyber Security, Cyber Liability Insurance, Risks, Risk Management,
Digitalization, Technological Processes, User friendly
ADALYA JOURNAL
Volome 8, Issue 11, November 2019 878
ISSN NO: 1301-2746
http://adalyajournal.com/
EVOLVING CYBER RISK & UNSOLVED PROBLEMS
(A STUDY ON CYBER SECURITY AWARENESS & A SPECIFIC
STUDY ON PROVIDING SOLUTIONS TO CYBER RISKS & ENABLE
WITH CYBER LIABILITY INSURANCE)
INTRODUCTION
Cyber-attacks effectuated for financial gain through crimes like fraud, ransomware or
extortion. There are many instances where obstruct, revenge or recrimination are factors.
These Cyber-attacks also have a political aspect and were reportedly used in cyber-warfare.
The cyber-attack is not only focused on any particular industry but it is widely spread across
industries including individuals, organizations, government, etc., which are online and
technology connected through digital platforms. The Insurance Industry started addressing
the need of protecting cyber risks and ensure cyber security by way of protection and
formulate the tailor made and adaptable cyber insurance plans for different segments of
industries and Cyber risks profiling according to the sector specification and threats posed
and evaluate adequate risk management measures as a part of cyber security and combat with
challenges faced through cyber insecurity
Cyber-attacks not only originates outside organizations. “According to white hat Dark Web
professionals at Black Hat 2018, it cited that many hackers are certified professionals who
operate as trusted time bombs and have already penetrated most organizations.
A cyber-attack is a strike launched by cybercriminals using one or more computers against a
single or multiple computers or networks. A cyber-attack can maliciously disable or block
computers, steal data, or use a breached computer as a launch point for other attacks and
extended unethical practices. Cybercriminals use multifarious methods, including malware,
phishing, ransomware & cyber extortion, denial of service, emailing spoofing, IT thefts, Data
Breaches among other methods. The amount of data being generated, transmitted and stored
on to various digital platforms and devices is skyrocketing at the exponential growth rate and
thereby ensuring to gear up with cyber security by ensuring comprehensive insurance cover
ADALYA JOURNAL
Volome 8, Issue 11, November 2019 879
ISSN NO: 1301-2746
http://adalyajournal.com/
to pay for losses that could arise if the cyber risks are subjected to cyber-attacks. The critical
nature of complexity of digital and IT systems and Data protection which supports
transmission and utilization pooled with the possibility of remote and anonymous and
unauthorized access which have posed various threats for cyber security and which are
exposed to immeasurable cyber risks which may hamper the financial as well as reputation
status and thereby growing risks of liabilities
REVIEW OF LITERATURE
According to Jean Bolot, Marc Lelarge in their research paper “Cyber Insurance as an
Incentive for Internet Security” addresses on considering the problems of cyber security
whether to buy Insurance to protect the Internet and its users from cyber security risks and
identifying the special benefits of Insurance and designing appropriate Insurance policies
According to Scott J.Shackelford in his research “Should your firm invest in cyber risk
Insurance?” speaks about firms been turning towards cyber risks insurance in order to better
manage cyber threats which result in legal liability from data breaches. The extent to which
cyber risk Insurance helps in mitigating cyber threats. It also emphasis on firms to enhance
overall having a better risk management policy in cyber security and help secure critical
infrastructures
According to Jagendra Kumar in his detailed article “Three Fourth Indian Business hit by
Cyber Attacks” states India, accelerating towards 5 Trillion dollars digital economy building
the right framework for cyber resilience and security is critical for our country. India’s fast-
growing affinity towards technology and its services, it is important that the country’s
businesses take more active steps towards cyber security
According to Jaswanth Singh G in his detailed article “Cyber risks and How can an
effective Cyber Insurance can be explored for mitigate risks” suggests about costs and
adverse effects caused by cyber risks, micro and macro perspective of cyber risk
management, Cyber Insurance market, and pricing of cyber Insurance and challenges, Design
and develop new adequate cyber insurance products/policies and provide for customization as
per the changing risks requirement
ADALYA JOURNAL
Volome 8, Issue 11, November 2019 880
ISSN NO: 1301-2746
http://adalyajournal.com/
According to Derek Young, Juan Lopez Jr, Mason-Rice, Benjamin Ramsey, Robert
McTasney in their research paper “A framework for incorporating insurance in critical
infrastructure cyber risk strategies” suggests the framework which incorporates the
operating principles of Insurance industry to provide quantitative estimates of cyber risks and
optimization techniques to suggests levels of investment in cyber security and insurance for
critical infrastructure owners and operators.
STATEMENT OF THE PROBLEM
The top concern for every organization or an institution is to achieve the ideal digital,
digitized and digitization environment for their automation, processing, customer relationship
management and efficiency in performance and growth. Unfortunately, this form of
convenience has become one of the biggest and concerning threats due to cyber risks and
breaches.
SCOPE OF THE STUDY
Cybercrimes impact everyone on a large scale it has a very deep impact on the businesses,
government, individuals and economy of a country. Evolving cybercrimes has a bad impact on
social media as well. These cybercrimes in the business sector can lead to exposing important
business strategies and many other activities, which leads them towards the loss of a company.
This may lead to shutting down the company. Cybercrimes in the government part may also
give a bad impact on a country, changing in the data, extracting government funds,
manipulating information, etc. all these cybercrimes give a serious stroke to the economy.
Coming to individuals’ cybercrimes is frequently happening on a large scale, misleading e-
transactions, hacking into bank accounts, taking money from an individual’s bank accounts,
etc. are the cybercrimes faced by the individuals this will have a very sad and pathetic impact
on the country. Social media also is the most common place where there will be a greater
number of cyber-attacks, hacking into other accounts, posting abusive things from others
accounts, posting things, which are hurting other religions/community, etc., are the common
cyber-attacks we see in social media. Social media is the most used platform cyber-attacks in
this area had a large impact on the country.
ADALYA JOURNAL
Volome 8, Issue 11, November 2019 881
ISSN NO: 1301-2746
http://adalyajournal.com/
OBJECTIVES OF THE STUDY
➢ To know the importance of cyber security
➢ To equip with cyber risks and solutions for cyber security by way of cyber liability
insurance
➢ To ensure commensurate risk management programmes for entities thriving on digital
era and adapting in digital environment
➢ To know the impact of cyber risk causing financial burden and emerging liabilities
LIMITATIONS OF THE STUDY
➢ The study is done based available secondary data
➢ Time is one of the major constraints.
SOLUTION ANALYSIS AND INTERPRETATION
‘Digital’ refers to the storage of data in the form of digital signals whereas ‘Digitize’ is the
process in which forms of representation are converted into a digital form. The widely used
term ‘Digitalization’ describes the transformation of simple analogs for digital interpretation.
It was developed for convenience and ethical usage.
According to a survey by Advisen Cyber Security, 95% of respondents are expected to face
business interruption due to cyber breaches. Aadhaar, India’s central biometric initiative had
been recognized for data breach exposing personal data. Demonetization, discounts on
mobile wallets, UPI transactions and funding from domestic and international stakeholders
led to digital transactions and payments to grow at a rapid rate. Various innovative apps or
digital wallets like Paytm, Google pay provide the customers with a wider choice of payment
systems and ease to switch among the apps.
ADALYA JOURNAL
Volome 8, Issue 11, November 2019 882
ISSN NO: 1301-2746
http://adalyajournal.com/
In Karnataka, cybercrimes have risen 5 times in 4 years. The number of cybercrime cases has
already reached 3,496. To safeguard personal and official data, it becomes very essential to
be aware and come up with robust solutions to cope up with the corrupted digitalized system.
According to the study conducted by Chennai- based cyber security names K7 Computing
Indian netizens are under regular cyber-attacks with almost 1 in 3 users in a country
confronting cyber-attacks in Quarter 1 of current fiscal 2019-2020. Tamilnadu state has been
regarded as the most vulnerable city in the country, which experienced cyber-attacks.
According to their report among metros, Chennai has recorded the highest percentile of
cyber-attacks with 48 percent from April 2019 – June 2019 followed by Kolkata with 41
percent during the same period, Mumbai with 30 percent and Delhi being registered with the
lowest percentile of cyber-attacks with 28 percent among the metros. Among the Tier I Cities
Bengaluru and Hyderabad is with 39 percent, Ahmedabad with 38 percent and Pune with 35
percent and overall the report cautions and alarms, the concerned stakeholders to leverage
specific intelligence for counter measures and threat hunting
As per the report, cyber risk exposure gradually rises on working days in Metros, starting
from Monday, and records the highest on Friday. In terms of timings of the day, the cyber
risk is highest during 4 PM and the safest is around 6 AM hour in the metros. The average
percentage of cyber-attacks in the top dozen infected Tier II Cities in India was found to be
worse when compared to Metros and Tier I Cities. From April 2019 to June 2019, Patna
experienced the highest percentile of cyber-attacks with 48 percent, closely followed next by
Guwahati with 46 percent, then Lucknow with 45 percent while Thiruvananthapuram stood
safest among all other cities at 35 percent
The enervating rise of ransomware attacks is a constantly growing problem in the digital era.
After the arrival of Ransomware-as-a-Service (RaaS), ransomware attacks have to scale up at
an alarming rate. Primarily hoaxing by email, fake websites, plugins, fake and identical
replication of applications (Apps) and malicious advertising and unauthorized links and
access, and by using the network and server-side vulnerabilities. This massive attack proves
that ransomware is still rampant.
ADALYA JOURNAL
Volome 8, Issue 11, November 2019 883
ISSN NO: 1301-2746
http://adalyajournal.com/
World Overview - Digital Snapshot
With the rise in every digital transaction individuals, organizations, government, etc.,
adopting online platforms every internet minute sees a lot of internet traffic on increasing
frequencies, below a trend of 2019 which depicts every internet minute what happens in the
online platform and it is set to rise in the near future
With each click, share, swipe and like, content and information are created. From Google to
WhatsApp to Facebook to Netflix, all use multiple platforms exposing personal information
and creating digital havoc. Messaging (Texts Sent from various organizations and services)
which is a large part of the internet and digital activity in 60 seconds. WhatsApp and
Instagram are emerging applications with the largest shares in the digital activity per minute.
Video Streaming and shopping online have majorly contributed through platforms like
Netflix, Amazon, Flipkart, etc. These websites and social media are created for customer
convenience but highly are used for data extraction and exploitation by looking at recent
cyber and personal crimes. In every 60 seconds18.1 Million Texts are being sent in
WhatsApp, 4.5 Millions of Video viewed on YouTube, 390030 apps downloaded from
Google Play Store & Apple App Store. 87500 People tweeting on twitter, 188 Million Mails
being sent, 3.8 Million Search queries on Google Chrome, 1 Million Logging in Facebook,
ADALYA JOURNAL
Volome 8, Issue 11, November 2019 884
ISSN NO: 1301-2746
http://adalyajournal.com/
etc.,
World's Internet Activity every 60 seconds-2019(in millions)
Google(search Queries
Facebook(logging in)
Messaging(Text sent)
Youtube(video'sviewed
google play store(appsdownloaded
Instagram(scrollinginstagram feed)
Twitter(peopletweeting
Tinder(swipes)
Email(mails sent)
Twitch(views)
Music apps(streamingand subscription)
Amazon/googlehome(speakersshipped)Giphy(GIFs served
Whatsapp/facebook(Messagessent)Snapchat(snapscreated)
shoppingamazon(spent online)
Netflix(hours watched)
ADALYA JOURNAL
Volome 8, Issue 11, November 2019 885
ISSN NO: 1301-2746
http://adalyajournal.com/
66%
58%
45%
45%
Penetration of Digitalization around the world-April 2019( in %)
Unique Mobile users
Internet users
Active social Media users
Mobile social media users
ADALYA JOURNAL
Volome 8, Issue 11, November 2019 886
ISSN NO: 1301-2746
http://adalyajournal.com/
Global Digital snapshot April 2019 - Key statistical indicators for the world's Internet, Mobile
and Media Users. Penetration of digitization using active social media and mobile social media
contributes 45% of the entire global population.
According to joint report of KPMG in India & Indian Mobile Congress – COAI released on
the first day of IMC 2019 (14th October to 16th October 2019) on emphasized on organizations
need to be open with consumers about their data being collected as cybercrimes are rising up
where India faces one of the highest rates of cyber security in the Asia Pacific region –
receiving more than 500,000 security alerts daily basis which is nearly more than the global
average. The impact of a data breach to an organization averaged $3.9 Million globally in 2018
and compared its previous year 2017 it stood at $ 1.83 million, which is approximately 216.67
percent of the increase in data breaches. The report also stated that nearly 39% of the security
alerts remain unattended owing to the lack of relevant skill sets and competency to deal with
such cyber risks. India has only 10- 12% digitally skilled employees having cyber security
skills and only a few of them have data protection and privacy skills and competency to deal
with such risks. The report highlights on India being speeding up its mission to transform into
a truly digital economy, the cyber security threats and privacy concerns could disrupt its digital
success. Equipping with commensurate risk management policy by ensuring Cyber Liability
Insurance in place to mitigate the risks arising out of increasing cyber-attacks and hampering
the credibility and causing financial burden and risks. Cyber threats superintend highlights the
ever-advancing threat landscape around the country and addresses the growing essential
requirement of digital risk management by being more proactive in the approach towards
cybersecurity and equipping with the need-based cyber liability insurance covers to mitigate
the financial burden and have additional protection floor for cyber risks All Industries together
along with the Government need to have a collaborative outlook to address the emerging threat
of information and cyber insecurity. The cyber-attack is not focused on any particular industry,
but it is widely spread across industries especially those organizations, which are online,
connected and exploring through the digital platform. The Insurance Industry can address the
need for protecting cyber risks and formulate the tailor-made cyber insurance plans for different
segments of industries and Cyber risks according to the sector specification. Cyber Insurance
covers the legal and other expenses in case of data breach and damages caused by the cyber
risks such as cost of restoring the data, loss because of the business interruption caused by
Cyber risks and Cyberattacks. Cyber Liability Insurance coverage can be formulated to meet
the cyber security risks and protecting the needs of various businesses of different sizes and
ADALYA JOURNAL
Volome 8, Issue 11, November 2019 887
ISSN NO: 1301-2746
http://adalyajournal.com/
providing Insurance Solutions on comprehensive data security and Other Related Cyber Risks.
In the wake of recent cyber-attacks and also implement an appropriate mechanism to mitigate
cyber risks The Insurance Regulatory and Development Authority of India (IRDAI) has asked
insurers on the present status and the future plan of action on cyber security framework of
insurers. IRDAI should also insist on research and exploring new product development of cyber
risks related to insurance products to combat growing cyber risks.
KEY FINDINGS
1. The Most popular Infection vector is Email/Phishing
2. Top cyber-attack industry targets: Banking and Financial Services Industry (BFSI),
Fast Moving Consumer Goods (FMCG) Industry, Food Industry, Logistics
industry, and Non-profit organizations.
3. Cyber Security and risk arising out Cyber-attacks may result in emerging liabilities
where the Individuals, Organization and government credibility will impact causing
a financial burden
4. With the right tailor-made Cyber Liability Insurance, one can get an inclusive mix
of defensive, as well as protective measures, covers inbuilt in such cyber risks
insurance products.
5. With the ever increase in the digital environment the probability of new emerging
risks can be secured by way of Insurance protection with apt Cyber Insurance
coverage.
ADALYA JOURNAL
Volome 8, Issue 11, November 2019 888
ISSN NO: 1301-2746
http://adalyajournal.com/
SUGGESTIONS AND RECOMMENDATIONS:
1. Maintain security hygiene, Choose prevention over detection to create
awareness on potential cyber risks and protection through adequate Cyber Liability
Insurance cover
2. Effective Cyber defense program as a part of risk management by building a
robust cyber security architecture that is multilayered and spans all networks, endpoints
and mobile devices, and cloud. With the right architecture and vigilant authorization
and access will tend to get better pricing of Cyber Liability Insurance Cover
3. In correlation to the growing use of banks’ mobile applications, malware
capable of stealing payment data, credentials and funds from victims’ bank accounts
have been pushed from the general threat landscape and became a very common mobile
threat too.
4. The Government should take a major action towards prank/fraud calls
5. The Insurers should incentivize those organizations, which shall have a regular
check on the proxy servers and take action by reporting to the concerned authorities
6. Income Tax authorities should have a check on the hackers who are more
towards the money laundering and tax evasion should ensure strict penal provisions and
Insurers should blacklist such hackers in providing any other form of Insurance cover
by way of imposing restrictions.
7. Creating awareness regarding cybercrimes, cyber risks and assistants from
Cyber Mitra to help them to ensure cyber safety and Cyber Mitra can help in locating
and choosing the appropriate cyber liability insurance and assisting in claims settlement
8. Adapting improved and user-friendly technology-related solutions and
implementing Blockchain technology by the insurance industry to keep a tab on any
subsequent changes or possible threats avoiding cyber risks.
9. Creating a Cyber Security community in clusters, which can impart basic cyber
risks training, and Insurance dynamics to protect with future cyber-attacks.
10. Ensuring consumer confidence in the certainty of cyber insurance coverage and
enhance efforts to increase awareness.
ADALYA JOURNAL
Volome 8, Issue 11, November 2019 889
ISSN NO: 1301-2746
http://adalyajournal.com/
11. Cyber insurance premium can be justified based on the layer of protection and
organizational data value at each stage of different functions of the organization
12. In addition to a financial loss mitigation tool, increasing burden of emerging
liabilities arising out of cyber risks The Cyber Liability Insurance awareness should
also help individuals understand how to prepare ahead of a potential cyber-attack
13. Having adequate Cyber security measures in place we should also be prepared
with potential threats causing cyber insecurity.
CONCLUSIONS
The foremost challenge to the insurance industry is the insatiable and ever-changing needs
and the constant change of attitude of the customers. New millennials are exceptionally quick
to experience insurance dynamics. Parallelly It is also required for Individuals,
Organizations; Government, etc., seriously to evaluate and examine various adoption of
digital platforms and innovative approaches of technologies, Drawing an effective risk
management policy to balance investment, risk and exploratory goals to identify appropriate
technologies and prepare with high-end cyber security measures. These risk evaluations can
streamline risk selection, improve decision-making, the increased expansion of vectors means
more ways to attack an organization. Drive better outcomes, and provide a platform for
developing innovative offerings that can increase market share and add more value to the
customers with trust environment by adding an appropriate Cyber Liability Insurance in their
Insurance Portfolio.
ADALYA JOURNAL
Volome 8, Issue 11, November 2019 890
ISSN NO: 1301-2746
http://adalyajournal.com/
REFERENCES
1) Jean Bolot, Marc Lelarge (2008, June) “Cyber Insurance as an Incentive for
Internet Security” WEIS The Workshop on the Economics of Information Security
Pages 1 to 8
2) Scott J.Shackelford (2012, July August) “Should your firm invest in cyber risk
Insurance?” Business Horizons Volume 55, Issue 4, July–August 2012, Pages 349-
356
3) Jagendra Kumar (2019, October) “Three Fourth Indian Business hit by Cyber
Attacks” The Insurance Times Pages 18 to 24 4) Jaswanth Singh G (2018 February) “Cyber risks and How can an effective
Cyber Insurance can be explored for mitigate risks” The Insurance Times Pages
23 to 28 and Blog : http://indiaassurance.in/single-post.php?ids=75
5) Derek Young, Juan Lopez Jr, Mason-Rice, Benjamin Ramsey, Robert
McTasney (2016, September ) “A framework for incorporating insurance in
critical infrastructure cyber risk strategies” International Journal of Critical
Infrastructure Protection Volume 14, September 2016, Pages 43-57
6) Jaswanth Singh G (2018 April) “Exploring cyber Insurance solutions for cyber
security or cyber insecurity and cyber risks” Pravartak April 18 Volume XII
Issue 1 Page 9 to 11 and Blog http://indiaassurance.in/single-post.php?ids=76
7) World Insuretech Report 2019 – Capgemini & Efma
8) https://news.k7computing.com/index.php/press-release/1-in-3-indian-netizens-are-
under-cyber-attacks-k7-computings-cyber-threat-monitor/
9) https://www.irdai.gov.in/ADMINCMS/cms/Uploadedfiles/07.04.2017-
Guidelines%20on%20Information%20and%20Cyber%20Security%20for%20insu
rers.pdf
10) World Economic Forum 2019 @lorislewis @officiallychad
11) Global Digital snapshot April 2019 – Key statistical indicators for the world’s
Internet, Mobile, and Media Users
12) https://government.economictimes.indiatimes.com/news/secure-india/india-
receives-5-lakh-cybersecurity-alerts-daily-kpmg-coai/71594476
ADALYA JOURNAL
Volome 8, Issue 11, November 2019 891
ISSN NO: 1301-2746
http://adalyajournal.com/
FIRST AUTHOR: JASWANTH SINGH G
Insurance Domain Consultant (InsureTech) Faculty for Insurance, Financial Services and Pension
Studies
SECOND AUTHOR : VARSHINI S
II B.COM PROFESSIONAL ‘B’ CHRIST (Deemed To Be University)
Registration Number: 1812665
ADALYA JOURNAL
Volome 8, Issue 11, November 2019 892
ISSN NO: 1301-2746
http://adalyajournal.com/
THIRD AUTHOR : PATHURI V M S K CHAITANYA
II B.COM PROFESSIONAL ‘B’ CHRIST (Deemed To Be University)
Registration Number: 1812619
ADALYA JOURNAL
Volome 8, Issue 11, November 2019 893
ISSN NO: 1301-2746
http://adalyajournal.com/